Vous êtes sur la page 1sur 26

The Cost Effectiveness and

Security of Taxpayer Data in the


Electronic Transcript Delivery System

June 1999

Reference Number: 092903


June 30, 1999

MEMORANDUM FOR COMMISSIONER ROSSOTTI

FROM: David C. Williams


Inspector General

SUBJECT: Final Audit Report – The Cost Effectiveness and Security of


Taxpayer Data in the Electronic Transcript Delivery System

This report presents the results of our review of the Internal Revenue Service's (IRS)
Electronic Transcript Delivery System (ETDS). ETDS is an automated system to
provide third parties, such as mortgage lenders and government agencies, faster
access to tax return information. The taxpayer's consent is required before this
information is released.

In summary, the cost effectiveness of ETDS has not been determined. Also, IRS
management has not adequately addressed the risks that third parties may misuse tax
information, and that third parties as well as IRS may not adequately protect tax
information from unauthorized disclosures. The IRS can reduce these risks by following
through on our recommendations. However, these risks are significant and must be
weighed collectively in determining whether to continue development of this project.

We briefed IRS management on the issues contained in this report on April 10, 1998,
and provided them a draft of this report for comment on July 2, 1998. In his
February 22,1999, response to the draft report, the Assistant Commissioner (Electronic
Tax Administration) agreed with most of the findings and recommendations presented.
He did not address our recommendations to require third party computer systems to
meet minimum security standards and to require background investigations for third
party employees who access ETDS. We have also excluded one of our
recommendations based on a Counsel opinion issued after our draft report.

Copies of this report are being sent to the IRS managers who are affected by the report
recommendations. Please call me at (202) 622-6500 if you have any questions, or your
staff may contact Pamela J. Gardiner, Deputy Inspector General for Audit, at
(202) 622-6510.
The Cost Effectiveness and Security of Taxpayer Data
in the Electronic Transcript Delivery System

Table of Contents

Executive Summary .................................................................................. Page i


Objectives and Scope ............................................................................... Page 1
Background ............................................................................................... Page 1
Results ...................................................................................................... Page 3
Legislation to Restrict the Unauthorized Use of
Tax Return Information by Third Parties Is Incomplete................... Page 4
Security Requirements for Third Party Computers Are
Not Adequate to Deter Unauthorized Disclosure of
Tax Return Information................................................................... Page 6
Security of Data on IRS Computers Is Not Adequate to
Deter Unauthorized Disclosure of Tax Return Information ............. Page 8
Conclusion ................................................................................................ Page 9
Appendix I - Detailed Objectives, Scope and Methodology....................... Page 10
Appendix II - Major Contributors to This Report ........................................ Page 11
Appendix III - Report Distribution List........................................................ Page 12
Appendix IV - Management’s Response to the Draft Report..................... Page 13
Appendix V - Office of Audit’s Comments to Management’s Response.... Page 20
The Cost Effectiveness and Security of Taxpayer Data
in the Electronic Transcript Delivery System

Executive Summary

The Internal Revenue Service (IRS) is developing the Electronic Transcript Delivery
System (ETDS), an automated system to provide third parties, such as mortgage lenders
and government agencies, faster access to tax return information. With the taxpayer's
consent, the IRS will release up to three years of tax information to each requestor.
ETDS is being designed to provide the information to requestors within 24 hours
compared to the 7 to 10 days currently required to process a request for a summary of tax
return information received through the mail, and the 60 days required for a photocopy of
the tax return. In addition to faster service, the IRS estimated that ETDS could improve
voluntary compliance by $2 to $4 billion annually by encouraging taxpayers to report all
their income to support their mortgage applications. The IRS estimated it would cost
$7.67 million to implement ETDS, but it has not yet developed estimates for operating
and maintenance costs.
The objectives of our review were to validate the costs and benefits of ETDS, and
determine if controls were adequate to ensure taxpayer privacy and data security.

Results

We could not verify the IRS' estimated costs and benefits for ETDS due to its lack of
documentation and testing. However, we did identify concerns over the security and
privacy of taxpayer data. The IRS needs to address the following concerns in
determining the priority for rolling out the ETDS project compared to other projects
needed for IRS modernization:
• Potential unauthorized use of the released tax return information by third parties.
• Potential unauthorized access to tax information on third party computer systems.
• Potential unauthorized access to tax information on IRS computer systems.

Summary of Recommendations

The IRS should initiate legislation to prohibit the unauthorized use of taxpayer
information on ETDS by third parties. Also, it should take a more proactive role to
advise taxpayers of the risk in releasing data to third parties, and in ensuring better
security over taxpayer data by third parties. The IRS also needs to ensure that ETDS
meets government security standards.

Page i
The Cost Effectiveness and Security of Taxpayer Data
in the Electronic Transcript Delivery System

Management’s Response: With the exception of Recommendation 3, which was not


addressed (see pages 7 and 8), the Assistant Commissioner (Electronic Tax
Administration) has agreed with the findings and has developed corrective actions to
address the issues. Management’s comments are incorporated in the report where
appropriate, and the full text of their response is included as Appendix IV.
Office of Audit’s Comments: We agree with the corrective actions outlined in
management’s response. However, the Assistant Commissioner (Electronic Tax
Administration) did not address Recommendation 3 to require third party computer
systems to meet the same security standards the IRS and state agencies are required to
meet, and to require background investigations for personnel accessing ETDS. We
believe these are important preventive controls that would decrease the risk of
unauthorized disclosure while increasing taxpayer confidence in the system.

Page ii
The Cost Effectiveness and Security of Taxpayer Data
in the Electronic Transcript Delivery System

Objectives and Scope

The objectives of our review were to validate the costs


and benefits of the Electronic Transcript Delivery
System (ETDS), and determine if controls were
adequate to ensure taxpayer privacy and data security.
We conducted the review from August 26, 1997,
through March 31, 1998, in accordance with
We reviewed ETDS for costs Government Auditing Standards.
and benefits, and privacy and To accomplish our objectives we:
data security concerns.
• Reviewed the Internal Revenue Service’s (IRS)
assumptions about current and future estimated costs
of developing, establishing, and maintaining ETDS.
• Reviewed the IRS’estimated increase in revenues
from increased voluntary compliance when ETDS is
implemented.
• Evaluated the risks to taxpayer privacy and data
security by releasing tax return information to third
parties under ETDS.
Appendix I provides the detailed objectives, scope and
methodology of our review. A listing of major
contributors to this report is shown in Appendix II.

Background

Mortgage lenders and some federal agencies indicated


they would like to receive IRS tax return information
faster and more efficiently than via the current paper
process. The paper process provides taxpayers or
authorized third parties a summary of tax return
information in 7 to 10 workdays after IRS receives the
request through the mail.
ETDS will provide third The IRS is developing ETDS to provide tax data faster
parties tax return information and more efficiently. ETDS is an automated system
in an electronic format within designed to give tax information to third parties, such as
24 hours of their request. mortgage lenders and government agencies, in an

Page 1
The Cost Effectiveness and Security of Taxpayer Data
in the Electronic Transcript Delivery System

electronic format within 24 hours. The request could be


for as many as three years of tax return information.
To help ensure fair treatment for taxpayers, Vice
President Gore recommended testing and implementing
ETDS in his Reinventing Service at the IRS document
published in March 1998.
As currently designed, a third party will complete, and
have the taxpayer sign, a request for tax return
information. The ETDS user will then gain system
access only after passing several authorization checks.
These checks include a Personal Identification Number,
a password, and the use of a SmartCard (a system
similar to that used by Automated Teller Machines).
Once the request has been placed with the IRS, a series
of programs will be used to ensure the accuracy and
completeness of the request. After the request passes
this validation process, the IRS will place the
information in a secure electronic mailbox for receipt by
the requestor.
The IRS currently provides tax return information to
third parties by mailing them a summary of the tax
return information or a photocopy of the tax return.
Instructions on the Request for Copy or Transcript of
Tax Form (Form 4506), indicate it will take 7 to 10
workdays to obtain a summary of this information after
IRS receives the request through the mail, and up to
60 calendar days to obtain a copy of the tax return. The
summary includes most of the line items from the tax
return that the IRS has entered into its computer system.
A copy of a tax return includes all tax return
information.
ETDS would provide only 24 of the line items from the
tax return. It would also include one additional item to
reflect a revised taxable income, if applicable (e.g., the
taxable income could be revised due to the taxpayer
filing an amended tax return or the IRS disallowing
deductions). ETDS will also use a validation process
and maintain a record to identify the individuals
requesting and obtaining the tax return information.

Page 2
The Cost Effectiveness and Security of Taxpayer Data
in the Electronic Transcript Delivery System

With these features, the system could quickly provide


relevant tax information.

Results

We could not validate the IRS’ We could not validate the IRS’assumptions about future
assumptions about future costs estimated costs of developing, establishing, and
of ETDS or the projections of maintaining ETDS. The ETDS Project Office has
increased revenue and estimated the total cost for implementation of ETDS at
taxpayer compliance. $7.67 million, but has not developed sufficient
information to support its estimate. In addition, the
Project Office does not have sufficient information to
determine operating and maintenance costs for ETDS.
The Project Office would need the assistance of
Information Systems Field Operations personnel in
obtaining accurate information regarding the potential
future costs of the system. However, these personnel
would not be available to assist in this area until the
project has been approved for pilot testing. As of
June 7, 1999, ETDS had not been approved for pilot
testing.
We also could not validate the Project Office's
projections of increased revenue and taxpayer
compliance attributed to the use of ETDS. The Project
Office estimates ETDS would increase revenue and
voluntary compliance by $2 to $4 billion annually by
encouraging taxpayers to report all income in support of
their mortgage applications. The Project Office,
however, has not yet prepared a comprehensive business
case to support its projections. The Project Office plans
to complete a comprehensive business case by
June 1999, using the information obtained during the
pilot testing.
Although ETDS will provide less information on a
Because of increased risks of
taxpayer’s return than is being released through the
unauthorized disclosure and
security over data, IRS should current paper process, ETDS has the potential to greatly
resolve privacy and security increase the number of taxpayers whose tax information
concerns before is in the hands of third parties. Therefore, the IRS needs
implementation. to address the following concerns over the security and
privacy of taxpayer data in determining the priority of

Page 3
The Cost Effectiveness and Security of Taxpayer Data
in the Electronic Transcript Delivery System

rolling out this project compared to other projects


needed for modernization:
• Potential unauthorized use of the released tax return
information by third parties.
• Potential unauthorized access to tax information on
third party computer systems.
• Potential unauthorized access to tax information on
IRS computer systems.

Legislation to Restrict the Unauthorized Use of


Tax Return Information by Third Parties Is
Incomplete

We have concerns about the potential unauthorized use


of taxpayer information and the IRS’ability to properly
enforce laws relating to the improper use of the
information. Because taxpayer data will be furnished in
an electronic format, third-party users of ETDS could
more easily use the electronic tax information in ways
other than intended, such as developing marketing or
mailing lists.
Legislation is currently being drafted to address this
issue. However, in our opinion, the draft legislation is
not specific enough to fully address the risks of
unauthorized use. Existing legislation is very specific
Legislation being drafted to regarding how taxpayer data can be used by other
restrict unauthorized use of government agencies. For example, the Health Care
tax data is not specific about Financing Administration is restricted to using taxpayer
third-party use of the data. data “only for the purposes of, and to the extent
necessary in, determining the extent to which any
medicare beneficiary is covered under any group health
plan.” However, the draft legislation does not contain
the same specific restrictions on the use of taxpayer data
by third parties. For example, mortgage lenders are not
restricted to using the data only for mortgage lending
activities.
The legislation does not specifically restrict
unauthorized use of taxpayer information by third

Page 4
The Cost Effectiveness and Security of Taxpayer Data
in the Electronic Transcript Delivery System

parties. Representatives from the Office of Chief


Counsel, Office of Disclosure, and the Privacy Advocate
have also expressed concerns about these issues. The
release form taxpayers sign states that IRS has no
liability over the use of the information given to third
parties. However, we are concerned that taxpayers may
not be aware that third parties could misuse the tax
information. Having taxpayer data in an electronic
format increases the ease, and thus the risk, that it could
be misused.
Legislation should specifically In our opinion, without specifically restricting the use of
restrict the use of tax return tax return information, the legislation is not sufficient.
information. ETDS Project Office personnel did not resolve these
issues before developing the system.

Recommendations

1. The IRS should ensure that proposed legislation


prohibits the secondary (inappropriate) use of any
taxpayer information, including information
currently released through other processes.
Management's Response: IRS management agreed
and will request that the Internal Revenue Code be
modified to restrict unauthorized use of tax
information by third parties.
2. The IRS should develop an awareness program to
provide direction to taxpayers if they believe
confidential tax return information has been
inappropriately released.
Management's Response: IRS management agreed
and will communicate to taxpayers through
information provided in Form 4506, and common
publications and instructions for the Form 1040
family.

Page 5
The Cost Effectiveness and Security of Taxpayer Data
in the Electronic Transcript Delivery System

Security Requirements for Third Party


Computers Are Not Adequate to Deter
Unauthorized Disclosure of Tax Return
Information

There are no regulations in There are no regulations or procedures in place to


place to protect tax protect the tax return information released by the IRS to
information provided to third third parties. The risk exists that computer “hackers” or
parties. employees of third parties could access and misuse the
tax information from ETDS.
The number of requests for taxpayer information
released through ETDS may dramatically increase over
the current paper volume if other industries (such as
automotive dealers or high-dollar retail sellers) gain
access to ETDS for income verification. Such an
increase will result in an even greater risk of
unauthorized disclosures.
The IRS is required to maintain minimum security
standards over tax return information. When this
information is shared with state agencies, IRS
Disclosure Officers are required to make visitations to
the agencies to ensure that proper security controls are in
place. However, the IRS has no plans to require the
same security over electronic tax return information
released to private businesses.
The draft ETDS MOUs for The draft Memoranda of Understanding (MOU)
lenders do not include between third parties and the IRS for using ETDS do not
computer security standards. include computer security standards that would
safeguard taxpayer information. IRS Counsel is of the
opinion that computer security standards should not be
included in the MOU. Counsel does not want taxpayers
to perceive the IRS as still "owning" the tax information
after it has been provided to third parties.
However, releasing electronic tax return information to
third parties is a new process for the IRS, and adequate
controls must be established to safeguard taxpayer data.
While mortgage lenders have been able to work with the
paper processing time frame, the shorter time frame

Page 6
The Cost Effectiveness and Security of Taxpayer Data
in the Electronic Transcript Delivery System

using ETDS could generate more requests, as well as


interest from other industries.
Also, even though the IRS requires background checks
on all of its employees who have access to taxpayer
data, the draft MOUs do not require background
investigations of third party employees who will have
access to ETDS.

Recommendation

3. Electronic Tax Administration (ETA) management


should incorporate security requirements, similar to
those with which the IRS must comply, into the
MOU and provide oversight of third parties to help
ensure that tax return information is adequately
protected. This would include ensuring third party
computer systems meet the same security
requirements as IRS and state agencies. In addition,
ETA management should require background
investigations of personnel in all entities accessing
ETDS.
Management's Response: Management responded
that, during the pilot, access to ETDS will be
revoked if violations occur, and the system will be
monitored for unauthorized disclosures through a
confirmation program with taxpayers. Access will
be limited by the use of passwords and SmartCards.
Office of Audit Comment: IRS management did not
address our recommendation that third party
computer systems be required to meet the same
security requirements as federal and state agencies
when receiving taxpayer data. IRS management also
did not address our recommendation to require
background investigations for personnel accessing
ETDS. We believe these are important preventive
controls that would decrease the risk of unauthorized
disclosure while increasing taxpayer confidence in
the system.
The confirmation program, as proposed in
management’s response, would be ineffective

Page 7
The Cost Effectiveness and Security of Taxpayer Data
in the Electronic Transcript Delivery System

because it would validate only the taxpayers’


authorizations to release the information, and would
not identify unauthorized disclosures by third
parties.

Security of Data on IRS Computers Is Not


Adequate to Deter Unauthorized Disclosure of
Tax Return Information

ETDS had not met minimum As mentioned earlier, the IRS must ensure that the
security requirements as of ETDS computer system meets minimum security
September 5, 1997. standards to protect electronic tax return information
when the system is implemented. These standards are
provided in Treasury Directive 71-10. Not meeting
these standards increases the risks that computer
“hackers” or unauthorized IRS employees could access
and misuse tax information on IRS computers.
As noted in the System Security Test and Evaluation
final report dated September 5, 1997, ETDS had not met
these requirements in its current configuration. The
report identified five problems encountered during
testing:
• All computer connections were not properly secured.
• An audit log had not been established to track
accesses.
• The security officer had not been appointed.
• The security officer had not been trained.
• Encryption codes to prevent unauthorized accesses
of electronically transmitted data were not changed
every 45 days.
ETDS Project Office personnel had not placed sufficient
emphasis on the security of data on ETDS computers.

Recommendation

4. ETA management needs to review the final


configuration of ETDS before implementation to

Page 8
The Cost Effectiveness and Security of Taxpayer Data
in the Electronic Transcript Delivery System

ensure that it adequately reduces the risk of


unauthorized disclosures, and to ensure that the
identified shortcomings are addressed.
Management's Response: ETDS was certified on
May 15, 1998, and an additional endorsement was
provided on July 6, 1998, from the Chief Operations
Officer. The Office of Security Standards and
Evaluation was revalidating the certification as of
December 9, 1998. ETDS is also undergoing a
Year 2000 certification.
Office of Audit Comment: As of May 25, 1999,
management had not completed the security
certification.

Conclusion

As designed, the ETDS will provide a faster process for


providing limited tax return information to third parties
than the current paper method. However, the following
concerns should be resolved before further developing
the system: insufficient information on the cost
effectiveness of ETDS, insufficient legislation over
inappropriate use of taxpayer information by third
parties, and inadequate computer security which could
lead to possible unauthorized disclosure of tax
information on third party and IRS computers.

Page 9
The Cost Effectiveness and Security of Taxpayer Data
in the Electronic Transcript Delivery System

Appendix I

Detailed Objectives, Scope and Methodology

The Electronic Transcript Delivery System (ETDS) is an automated process being


developed by the Internal Revenue Service (IRS) to release tax return information to third
parties in an electronic format. We conducted this review to validate the costs and
benefits of ETDS, and determine if controls were adequate to ensure taxpayer privacy
and data security. To accomplish our objectives, we performed the following steps:
• Reviewed the cost documentation for Fiscal Years 1996 and 1997 for
reasonableness. The documentation reviewed included salaries, travel, hardware
and software costs, and vendor costs.
• Discussed with the ETDS Project Office the costs associated with initial
implementation of the system nationwide (maintenance and operating costs after
implementation had not been determined by the Project Office).
• Reviewed the IRS information regarding the $2 to $4 billion increase in voluntary
compliance due to ETDS.
• Reviewed the outside contractor’s test results of the project to determine if it
successfully passed the test. The contractor’s tests included: system hardware and
software, telecommunication hardware and software, system interface, internal and
external users, system security, and system performance.
• Reviewed the outside contractor’s test results of the project to determine if the
project was being designed to meet minimum government security requirements,
known as C2 level of security.
• Reviewed the draft Memoranda of Understanding for lenders and other federal
agencies.
• Discussed the security over the requests for information in the paper environment
with Northeast Region Audit.
• Conducted a walk-through at the Fresno IRS Service Center to determine how it
processes paper requests.
• Discussed any security or privacy concerns held by the Privacy Advocate,
Disclosure, and Counsel as it relates to ETDS.
• Discussed with Legislative Affairs the legislation being drafted to restrict
unauthorized use of released return tax information.

Page 10
The Cost Effectiveness and Security of Taxpayer Data
in the Electronic Transcript Delivery System

Appendix II

Major Contributors to This Report

Stephen Mullins, Regional Inspector General for Audit


Gail Yorgason, Audit Manager
Richard Calderon, Auditor
Bill Richards, Auditor
Karl Zenft, Auditor

Page 11
The Cost Effectiveness and Security of Taxpayer Data
in the Electronic Transcript Delivery System

Appendix III

Report Distribution List

National Director for Legislative Affairs CL:LA


Chief Operations Officer OP
Assistant Commissioner (Electronic Tax Administration) OP:ETA
Assistant Commissioner (Research & Statistics of Income) OP:RS
Assistant Commissioner (Customer Service) OP:C
Assistant Commissioner (Forms and Submission Processing) OP:FS
Office of Management Controls M:CFO:A:M
Chief Counsel CC
Office of the National Taxpayer Advocate C:TA
Systems Standards and Evaluation Office IS:E
Audit Liaisons:
Assistant Commissioner (Electronic Tax Administration) OP:ETA
Assistant Commissioner (Research and Statistics of Income) OP:RS
Assistant Commissioner (Customer Service) OP:C
Assistant Commissioner (Forms and Submission Processing) OP:FS
Chief Counsel CC
Office of the National Taxpayer Advocate C:TA
Systems Standards and Evaluation Office IS:E

Page 12
The Cost Effectiveness and Security of Taxpayer Data
in the Electronic Transcript Delivery System

Appendix IV

Management's Response to the Draft Report

Page 13
The Cost Effectiveness and Security of Taxpayer Data
in the Electronic Transcript Delivery System

Page 14
The Cost Effectiveness and Security of Taxpayer Data
in the Electronic Transcript Delivery System

Page 15
The Cost Effectiveness and Security of Taxpayer Data
in the Electronic Transcript Delivery System

Page 16
The Cost Effectiveness and Security of Taxpayer Data
in the Electronic Transcript Delivery System

Page 17
The Cost Effectiveness and Security of Taxpayer Data
in the Electronic Transcript Delivery System

Page 18
The Cost Effectiveness and Security of Taxpayer Data
in the Electronic Transcript Delivery System

Page 19
The Cost Effectiveness and Security of Taxpayer Data
in the Electronic Transcript Delivery System

Appendix V

Office of Audit’s Comments to Management’s Response

Based on information provided in the response from the Assistant Commissioner


(Electronic Tax Administration) to our July 2, 1998, draft report (see Appendix IV), we:
• Revised Recommendation 1 by deleting two of the three items that were part of the
recommendation in the draft report. We deleted the recommendation to specify
penalties and fines for unauthorized use of tax information because they are covered
by existing laws. We also deleted the recommendation to designate a responsible
official to ensure compliance with the law because the Internal Revenue Service
(IRS) could not effectively do this based on the volume of requests received. See
Management’s Response to Recommendation 1 on pages 15 and 16.
• Deleted one finding and the related recommendation from this final audit report based
on the opinion by Disclosure Litigation. See Recommendation 5 in Management's
Response on page 19.
The following documents are referred to in Management's Response and were included
as Attachments to the response, but have not been included in this final report because of
the size of the documents:

• Attachment A - Blank copy of Form 4506 (Rev. 5-97), Request for Copy or
Transcript of Tax Form

• Attachment B - Blank copy of Form 4506 (Rev. 5-97), Request for Copy or
Transcript of Tax Form with suggested revisions

• Attachment C - Two memoranda as follows:


− Memorandum dated July 6, 1998, from Chief Operations Officer to Assistant
Commissioner (Electronic Tax Administration), subject "Electronic Transcript
Delivery System (ETDS) Accreditation"
− Memorandum dated May 15, 1998, from Director, Telecommunications and
Operations Division to Director, Office of Research, subject "Certification
Transmittal Memorandum for Electronic Transcript Delivery System (ETDS)"
with two attachments:
-Electronic Transcript Delivery System (ETDS) Certification Statement
-Electronic Transcript Delivery System (ETDS) Security Evaluation Report

Page 20
The Cost Effectiveness and Security of Taxpayer Data
in the Electronic Transcript Delivery System

• Attachment D - Memorandum dated July 27, 1998, from Chief, Branch 4 (Disclosure
Litigation) to Regional Inspector, Western Region, subject "Disclosure of Net
Operating Loss Information”

Page 21